Invia #707106: ctcms 2.1.2 Command Injectioninformazioni

Titoloctcms 2.1.2 Command Injection
DescrizioneCTCMS (Ctcms video system) version 2.1.2 contains a Server-Side Template Injection (SSTI) vulnerability in the backend template management functionality. An authenticated administrator can edit templates and inject malicious template syntax, leading to remote code execution.The vulnerability exists in the template management module. When an administrator edits template files (such as head.html), the system processes template syntax without proper sanitization. By injecting malicious template code containing PHP functions like eval(), an attacker can achieve remote code execution when the template is rendered.
Fonte⚠️ https://note-hxlab.wetolink.com/share/Ros8ZIeCLQrN
Utente
 airrudder (UID 25092)
Sottomissione05/12/2025 09:00 (6 mesi fa)
Moderazione15/12/2025 18:02 (10 days later)
StatoAccettato
Voce VulDB336488 [CTCMS Content Management System fino a 2.1.2 Frontend/Template Management CT_Parser.php escalationi di privilegi]
Punti20

PrecedenteVisione D'ensembleIl prossimo

Interested in the pricing of exploits?

See the underground prices here!